5 matches found
CVE-2024-13871
CVE-2024-13871 affects Bitdefender Box 1 with firmware 1.3.11.490. The vulnerability is a command injection in the "/check_image_and_trigger_recovery" API endpoint that allows an unauthenticated, network-adjacent attacker to execute arbitrary commands, potentially enabling full remote code execut...
CVE-2024-13872
Bitdefender Box is affected in versions 1.3.11.490–1.3.11.505. The issue arises from downloading assets over HTTP for updates via the /set_temp_token API, enabling an unauthenticated, network-adjacent attacker to perform MITM and return malicious assets. Restarted daemons using those assets can l...
CVE-2019-12612
CVE-2019-12612 affects Bitdefender BOX firmware versions before 2.1.37.37-34. The issue allows an attacker to pass arbitrary code to the BOX appliance via the web API, requiring the attacker to be present on the Box setup network and for the BOX to be in setup mode. The connected records provide ...
CVE-2024-13870
Bitdefender Box 1 devices with firmware 1.3.52.928 or earlier are affected by an improper access control vulnerability that permits an unauthenticated attacker in Wi‑Fi range to downgrade firmware to an older, potentially vulnerable Bitdefender‑signed version when the device is in Recovery Mode. ...
CVE-2019-12611
Bitdefender BOX firmware pre-2.1.37.37-34 is affected. The vulnerability lies in the miniupnpd implementation where specially crafted packets trigger memory allocation that is not freed, potentially causing the miniupnpd component to crash or the device to reboot. Impact is described as availabil...